Have I still got a virus?
magsirl
Posts: 219 Forumite
in Techie Stuff
Hi,
If someone could please have a look at my logs and advise me if I still have a virus I would be most grateful.
On Thursday I ran ASquared2 and it picked up 5 viruses. I managed to quarantine them and I had hoped I was now clear of them. Having read through various threads on here, I have changed my antivirus from AVG to AVIRA. I also downloaded SUPERAntiSpyware and it shows nothing on my computer.
I already had CCleaner and Malwarebytes and Adaware.
When I run Adaware it is saying two reg keys found and possibly viruses?
The only problem I have noticed is my latest update from Windows keeps failing to be updated on my computer.
Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366)
Any advice much appreciated, but please remember I am not very computer savvy!!
Logs to be added to next message!!
-
This is the Ad-aware log (No 3 and No 51 seem to be the problem)
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :12 April 2009 07:58:49
Created with Ad-aware Personal, free for private use.
Using reference-file :01R347 26.10.2004
______________________________________________________
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
12/04/2009 07:58:49 - Scan started. (Smart mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 12/04/2009 06:50:20
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:50:29
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:50:31
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:50:33
BasePriority : Normal
FileSize : 106 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 25/04/2005 23:05:55
Last accessed : 12/04/2009 06:50:33
Last modified : 14/04/2008 00:12:34
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:50:34
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2113)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 25/04/2005 23:05:41
Last accessed : 12/04/2009 06:50:34
Last modified : 14/04/2008 00:12:24
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:50:36
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 25/04/2005 23:06:00
Last accessed : 12/04/2009 06:50:36
Last modified : 14/04/2008 00:12:36
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:50:36
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 25/04/2005 23:06:00
Last accessed : 12/04/2009 06:50:36
Last modified : 14/04/2008 00:12:36
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 12/04/2009 06:50:36
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 25/04/2005 23:06:00
Last accessed : 12/04/2009 06:50:36
Last modified : 14/04/2008 00:12:36
#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:50:37
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 25/04/2005 23:06:00
Last accessed : 12/04/2009 06:50:36
Last modified : 14/04/2008 00:12:36
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:50:37
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 25/04/2005 23:06:00
Last accessed : 12/04/2009 06:50:36
Last modified : 14/04/2008 00:12:36
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:50:41
BasePriority : Normal
FileSize : 56 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-0852)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 25/04/2005 23:05:58
Last accessed : 12/04/2009 06:50:41
Last modified : 14/04/2008 00:12:36
#:12 [sched.exe]
FilePath : C:\Program Files\Avira\AntiVir Desktop\
ThreadCreationTime : 12/04/2009 06:50:41
BasePriority : Normal
FileSize : 105 KB
FileVersion : 9.00.00.05
ProductVersion : 9.00.00.05
Copyright : Copyright
CompanyName : Avira GmbH
FileDescription : Antivirus Scheduler
InternalName : avschd
OriginalFilename : sched.exe
ProductName : AntiVir Desktop
Created on : 10/04/2009 08:41:44
Last accessed : 12/04/2009 06:50:42
Last modified : 05/03/2009 15:17:24
#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 12/04/2009 06:50:45
BasePriority : Normal
FileSize : 1009 KB
FileVersion : 6.00.2900.5512 (xpsp.080413-2105)
ProductVersion : 6.00.2900.5512
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 25/04/2005 23:05:36
Last accessed : 12/04/2009 06:50:47
Last modified : 14/04/2008 00:12:19
#:14 [zhotkey.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 12/04/2009 06:50:51
BasePriority : Normal
FileSize : 530 KB
FileVersion : 3, 0, 0, 7
ProductVersion : 3, 0, 0, 0
Copyright : Copyright (c) 2004.
FileDescription : Multimedia Keyboard Driver
InternalName : Multimedia Hotkey Driver
OriginalFilename : mHotkey.res
ProductName : Multimedia Keyboard Driver
Created on : 10/05/2005 09:07:19
Last accessed : 12/04/2009 06:50:51
Last modified : 17/05/2004 17:30:04
#:15 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ThreadCreationTime : 12/04/2009 06:50:52
BasePriority : Normal
FileSize : 32 KB
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
Copyright : Copyright (c) CyberLink Corp. 1997-2004
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
OriginalFilename : PDVDSERV.EXE
ProductName : PowerDVD
Created on : 10/05/2005 09:07:22
Last accessed : 12/04/2009 06:50:52
Last modified : 02/11/2004 19:24:46
#:16 [a2service.exe]
FilePath : c:\program files\a-squared free\
ThreadCreationTime : 12/04/2009 06:50:52
BasePriority : Normal
FileSize : 415 KB
FileVersion : 4.0.0.21
ProductVersion : 4.0.0.0
Copyright : (C) 2003-2009 Emsi Software GmbH
CompanyName : Emsi Software GmbH
FileDescription : a-squared Service
InternalName : a2service
OriginalFilename : a2service.exe
ProductName : a-squared
Created on : 10/06/2007 21:21:48
Last accessed : 12/04/2009 06:50:52
Last modified : 17/03/2009 20:54:31
#:17 [soundman.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 12/04/2009 06:50:53
BasePriority : Normal
FileSize : 76 KB
FileVersion : 1, 0, 0, 14
ProductVersion : 1, 0, 0, 14
Copyright : Copyright (c) 2004 Realtek Semiconductor Corp.
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
OriginalFilename : ALSMTray.exe
ProductName : Realtek HD Sound Manager
Created on : 10/05/2005 09:07:55
Last accessed : 12/04/2009 06:50:53
Last modified : 21/10/2004 14:20:00
#:18 [photoshopelementsfileagent.exe]
FilePath : C:\Program Files\Adobe\Photoshop Elements 4.0\
ThreadCreationTime : 12/04/2009 06:50:53
BasePriority : Normal
FileSize : 100 KB
Created on : 09/09/2005 02:24:30
Last accessed : 12/04/2009 06:50:53
Last modified : 09/09/2005 02:24:30
#:19 [alcwzrd.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 12/04/2009 06:50:54
BasePriority : Normal
FileSize : 2680 KB
FileVersion : 1.1.0.15
ProductVersion : 1.1.0.15
Copyright : Copyright (C) 2003-2004 Realtek Semiconductor Corp.
CompanyName : RealTek Semicoductor Corp.
FileDescription : RealTek AlcWzrd Application
InternalName : ALCWZRD.EXE
OriginalFilename : ALCWZRD.EXE
ProductName : ALCWZRD
Created on : 10/05/2005 09:07:55
Last accessed : 12/04/2009 06:50:54
Last modified : 21/10/2004 17:44:00
#:20 [shwiconem.exe]
FilePath : C:\Program Files\Digital Media Reader\
ThreadCreationTime : 12/04/2009 06:50:55
BasePriority : Idle
FileSize : 132 KB
FileVersion : 1, 4, 0, 8
ProductVersion : 1, 4, 0, 8
Copyright : Copyright c 2002
CompanyName : Alcor Micro, Corp.
ProductName : Multimedia Card Reader
Created on : 15/11/2004 14:04:32
Last accessed : 12/04/2009 06:50:55
Last modified : 15/11/2004 14:04:32
#:21 [avguard.exe]
FilePath : C:\Program Files\Avira\AntiVir Desktop\
ThreadCreationTime : 12/04/2009 06:50:55
BasePriority : Normal
FileSize : 180 KB
FileVersion : 9.00.01.26
ProductVersion : 9.00.01.26
Copyright : Copyright
CompanyName : Avira GmbH
FileDescription : Antivirus On-Access Service
InternalName : AVGuard
OriginalFilename : avguard.exe
ProductName : AntiVir Desktop
Created on : 10/04/2009 08:41:43
Last accessed : 12/04/2009 06:50:55
Last modified : 02/03/2009 11:10:30
#:22 [applemobiledeviceservice.exe]
FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\
ThreadCreationTime : 12/04/2009 06:50:57
BasePriority : Normal
FileSize : 108 KB
FileVersion : 1, 14, 0, 0
ProductVersion : 1, 14, 0, 0
Copyright : Copyright 2007 Apple, Inc. All Rights Reserved.
CompanyName : Apple, Inc.
FileDescription : Apple Mobile Device Service
InternalName : usbaapld
OriginalFilename : AppleMobileDeviceService.exe
ProductName : Apple Mobile Device Service
Created on : 31/10/2007 14:09:16
Last accessed : 12/04/2009 06:50:57
Last modified : 31/10/2007 14:09:16
#:23 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:50:58
BasePriority : Normal
FileSize : 32 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2105)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 25/04/2005 23:05:54
Last accessed : 12/04/2009 06:50:58
Last modified : 14/04/2008 00:12:33
#:24 [bjmcmng.exe]
FilePath : C:\Program Files\Canon\BJCard\
ThreadCreationTime : 12/04/2009 06:50:58
BasePriority : Normal
FileSize : 48 KB
FileVersion : 1.30
ProductVersion : 1.30
Copyright : Copyright CANON INC. 2000-2002 All Rights Reserved.
CompanyName : CANON INC.
FileDescription : Memory Card Manager
InternalName : Bjmcmng
OriginalFilename : Bjmcmng.exe
ProductName : Memory Card Utility
Created on : 04/09/2005 16:42:01
Last accessed : 12/04/2009 06:50:58
Last modified : 21/10/2002 09:36:50
#:25 [logmeinsystray.exe]
FilePath : C:\Program Files\LogMeIn\x86\
ThreadCreationTime : 12/04/2009 06:50:58
BasePriority : Normal
FileSize : 61 KB
FileVersion : 3.0.596
ProductVersion : 3.0.596
Copyright : Copyright
CompanyName : LogMeIn, Inc.
FileDescription : LogMeIn Desktop Application
InternalName : LogMeInSystray
OriginalFilename : LogMeInSystray.exe
ProductName : LogMeIn
Created on : 24/07/2008 18:46:10
Last accessed : 12/04/2009 06:50:58
Last modified : 24/07/2008 18:46:10
#:26 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:50:58
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 25/04/2005 23:06:00
Last accessed : 12/04/2009 06:50:36
Last modified : 14/04/2008 00:12:36
#:27 [cshelper.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:50:59
BasePriority : Normal
FileSize : 260 KB
Created on : 20/02/2009 18:19:28
Last accessed : 12/04/2009 06:50:59
Last modified : 20/02/2009 18:19:28
#:28 [avgnt.exe]
FilePath : C:\Program Files\Avira\AntiVir Desktop\
ThreadCreationTime : 12/04/2009 06:50:59
BasePriority : Normal
FileSize : 204 KB
FileVersion : 9.00.00.12
ProductVersion : 9.00.00.12
Copyright : Copyright
CompanyName : Avira GmbH
FileDescription : Antivirus System Tray Tool
InternalName : avsystray.exe
OriginalFilename : avgnt.exe
ProductName : AntiVir Desktop
Created on : 10/04/2009 08:41:43
Last accessed : 12/04/2009 06:50:59
Last modified : 02/03/2009 11:08:47
#:29 [iolosgctrl.exe]
FilePath : C:\Program Files\iolo\System Mechanic 6\
ThreadCreationTime : 12/04/2009 06:50:59
BasePriority : Normal
FileSize : 238 KB
Created on : 30/06/2007 13:54:49
Last accessed : 12/04/2009 06:50:59
Last modified : 20/12/2006 16:47:00
#:30 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:51:00
BasePriority : Normal
FileSize : 15 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2105)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 25/04/2005 23:06:11
Last accessed : 12/04/2009 06:51:00
Last modified : 14/04/2008 00:12:16
#:31 [smsystemanalyzer.exe]
FilePath : C:\Program Files\iolo\System Mechanic 6\
ThreadCreationTime : 12/04/2009 06:51:01
BasePriority : Normal
FileSize : 544 KB
Created on : 30/06/2007 13:54:54
Last accessed : 12/04/2009 06:51:01
Last modified : 20/12/2006 11:38:00
#:32 [panelapp.exe]
FilePath : C:\Documents and Settings\\Local Settings\Application Data\Valued Opinions\PanelApp\
ThreadCreationTime : 12/04/2009 06:51:02
BasePriority : Normal
FileSize : 30 KB
Created on : 03/01/2007 22:04:58
Last accessed : 12/04/2009 06:51:02
Last modified : 03/01/2007 22:04:58
#:33 [ramaint.exe]
FilePath : C:\Program Files\LogMeIn\x86\
ThreadCreationTime : 12/04/2009 06:51:02
BasePriority : Normal
FileSize : 113 KB
FileVersion : 4.0.784
ProductVersion : 4.0.784
Copyright : Copyright
CompanyName : LogMeIn, Inc.
FileDescription : LogMeIn Maintenance Service
InternalName : LMIMaint
OriginalFilename : ramaint.exe
ProductName : LogMeIn
Created on : 16/10/2008 20:35:28
Last accessed : 12/04/2009 06:51:02
Last modified : 16/10/2008 20:35:28
#:34 [superantispyware.exe]
FilePath : C:\Program Files\SUPERAntiSpyware\
ThreadCreationTime : 12/04/2009 06:51:03
BasePriority : Normal
FileSize : 1787 KB
FileVersion : 4, 26, 0, 1000
ProductVersion : 4, 26, 0, 1000
Copyright : Copyright (C) 2005-2009 by SUPERAntiSpyware.com and SUPERAdBlocker.com
CompanyName : SUPERAntiSpyware.com
FileDescription : SUPERAntiSpyware Application
InternalName : SUPERAntiSpyware Application
OriginalFilename : SUPERAntiSpyware.exe
ProductName : SUPERAntiSpyware
Created on : 17/02/2009 10:43:26
Last accessed : 12/04/2009 06:51:04
Last modified : 11/04/2009 18:47:40
#:35 [lmiguardian.exe]
FilePath : C:\Program Files\LogMeIn\x86\
ThreadCreationTime : 12/04/2009 06:51:07
BasePriority : Normal
FileSize : 85 KB
FileVersion : 8.0.784
ProductVersion : 8.0.784
Copyright : Copyright
CompanyName : LogMeIn, Inc.
FileDescription : LMIGuardian
InternalName : LMIGuardian
OriginalFilename : LMIGuardian.exe
ProductName : LMIGuardian
Created on : 16/10/2008 20:35:24
Last accessed : 12/04/2009 06:51:07
Last modified : 16/10/2008 20:35:24
#:36 [tosbtmng.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ThreadCreationTime : 12/04/2009 06:51:08
BasePriority : Normal
FileSize : 472 KB
FileVersion : 3.03.5506.US
ProductVersion : 3.03.00.33
Copyright : Copyright (C) 2000-2005 TOSHIBA CORPORATION, All rights reserved.
CompanyName : TOSHIBA CORPORATION.
FileDescription : TosBtMng
InternalName : TosBtMng
OriginalFilename : TosBtMng.exe
ProductName : Bluetooth Stack for Windows by TOSHIBA
Created on : 06/05/2005 13:46:10
Last accessed : 12/04/2009 06:52:03
Last modified : 06/05/2005 13:46:10
#:37 [kem.exe]
FilePath : C:\Program Files\Logitech\SetPoint\
ThreadCreationTime : 12/04/2009 06:51:08
BasePriority : Normal
FileSize : 548 KB
FileVersion : 2.00.171
ProductVersion : 2.00.171
Copyright : (C) 2003 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : Logitech SetPoint
InternalName : SetPoint
OriginalFilename : KEM.exe
ProductName : SetPoint Files
Created on : 15/10/2005 15:26:19
Last accessed : 12/04/2009 06:52:03
Last modified : 01/04/2004 11:06:52
#:38 [wpn111.exe]
FilePath : C:\Program Files\NETGEAR\WPN111\
ThreadCreationTime : 12/04/2009 06:51:08
BasePriority : Normal
FileSize : 864 KB
FileVersion : 1, 1, 0, 8
ProductVersion : 1, 1, 0, 8
Copyright : Copyright (C) 2005-2006
CompanyName : NETGEAR
FileDescription : Netgear MFC Application
OriginalFilename : WPN111.exe
ProductName : WPN111
Created on : 14/02/2009 13:32:20
Last accessed : 12/04/2009 06:51:11
Last modified : 26/01/2005 15:15:16
#:39 [tabuserw.exe]
FilePath : C:\WINDOWS\system32\WTablet\
ThreadCreationTime : 12/04/2009 06:51:10
BasePriority : Normal
FileSize : 112 KB
FileVersion : 4.93-3
ProductVersion : 4.93-3
Copyright : Copyright
CompanyName : Wacom Technology, Corp.
FileDescription : TABUSERW
InternalName : TABUSERW
OriginalFilename : TABUSERW.EXE
ProductName : Wacom Technology, Corp. TABUSERW
Created on : 16/02/2006 18:00:31
Last accessed : 12/04/2009 06:51:56
Last modified : 19/10/2005 15:52:32
#:40 [khalmnpr.exe]
FilePath : C:\Program Files\Logitech\SetPoint\
ThreadCreationTime : 12/04/2009 06:51:10
BasePriority : Normal
FileSize : 29 KB
FileVersion : 2.00.171
ProductVersion : 2.00.171
Copyright : (C) 2003 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : Logitech Hardware Abstraction Layer
InternalName : SetPoint
OriginalFilename : KHALMNPR.Exe
ProductName : Productivity Software Common Files
Created on : 15/10/2005 15:26:20
Last accessed : 12/04/2009 06:51:10
Last modified : 01/04/2004 11:07:22
#:41 [tosa2dp.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ThreadCreationTime : 12/04/2009 06:51:11
BasePriority : Normal
FileSize : 256 KB
FileVersion : 3.01.5414.US
ProductVersion : 3.01.00.15
Copyright : Copyright (C) 2003-2005 TOSHIBA CORPORATION, All rights reserved.
CompanyName : TOSHIBA CORPORATION.
FileDescription : TosA2dp
InternalName : TosA2dp
OriginalFilename : TosA2dp.exe
ProductName : Bluetooth Stack for Windows by TOSHIBA
Created on : 14/04/2005 21:50:12
Last accessed : 12/04/2009 06:51:11
Last modified : 14/04/2005 21:50:12
#:42 [tosbthsp.exe]
FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
ThreadCreationTime : 12/04/2009 06:51:12
BasePriority : Normal
FileSize : 212 KB
FileVersion : 1.01.03.5311
ProductVersion : 1.01.03.0
Copyright : Copyright (C) 2003-2005 TOSHIBA CORPORATION, All rights reserved.
CompanyName : TOSHIBA CORPORATION.
FileDescription : TosBtHSP
InternalName : TosBtHSP
OriginalFilename : TosBtHSP.exe
ProductName : Bluetooth Stack for Windows by Toshiba
Created on : 11/03/2005 12:48:54
Last accessed : 12/04/2009 06:51:12
Last modified : 11/03/2005 12:48:54
#:43 [logmein.exe]
FilePath : C:\Program Files\LogMeIn\x86\
ThreadCreationTime : 12/04/2009 06:51:13
BasePriority : Normal
FileSize : 61 KB
FileVersion : 3.0.596
ProductVersion : 3.0.596
Copyright : Copyright
CompanyName : LogMeIn, Inc.
FileDescription : LogMeIn
InternalName : LogMeIn
OriginalFilename : LogMeIn.exe
ProductName : LogMeIn
Created on : 24/07/2008 18:46:10
Last accessed : 12/04/2009 06:51:13
Last modified : 24/07/2008 18:46:10
#:44 [lmiguardian.exe]
FilePath : C:\Program Files\LogMeIn\x86\
ThreadCreationTime : 12/04/2009 06:51:14
BasePriority : Normal
FileSize : 85 KB
FileVersion : 8.0.784
ProductVersion : 8.0.784
Copyright : Copyright
CompanyName : LogMeIn, Inc.
FileDescription : LMIGuardian
InternalName : LMIGuardian
OriginalFilename : LMIGuardian.exe
ProductName : LMIGuardian
Created on : 16/10/2008 20:35:24
Last accessed : 12/04/2009 06:51:07
Last modified : 16/10/2008 20:35:24
#:45 [nbservice.exe]
FilePath : C:\Program Files\Nero\Nero8\Nero BackItUp\
ThreadCreationTime : 12/04/2009 06:51:15
BasePriority : Normal
FileSize : 857 KB
FileVersion : 3, 5, 3, 0
ProductVersion : 3, 5, 3, 0
Copyright : Copyright (c) 2003-2008 Nero AG and its licensors
CompanyName : Nero AG
FileDescription : Nero BackItUp
InternalName : Nero BackItUp
OriginalFilename : NBService.EXE
ProductName : Nero BackItUp
Created on : 08/06/2008 09:31:04
Last accessed : 12/04/2009 06:51:15
Last modified : 08/06/2008 09:31:04
#:46 [ioctlsvc.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:51:17
BasePriority : Normal
FileSize : 80 KB
FileVersion : 1, 6, 0, 0
ProductVersion : 1, 6, 0, 0
Copyright : Copyright (C) 2006 Prolific Technology Inc.
CompanyName : Prolific Technology Inc.
FileDescription : PLFlash DeviceIoControl Service
InternalName : IoctlSvc
OriginalFilename : IoctlSvc.exe
ProductName : IoctlSvc Application
Created on : 19/12/2006 10:30:26
Last accessed : 12/04/2009 06:51:17
Last modified : 19/12/2006 10:30:26
#:47 [hpzipm12.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:51:19
BasePriority : Normal
FileSize : 68 KB
FileVersion : 10, 1, 1, 5
ProductVersion : 10, 1, 1, 5
Copyright : Copyright
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
OriginalFilename : PmlDrv.exe
ProductName : HP PML
Created on : 12/09/2006 19:42:15
Last accessed : 12/04/2009 06:51:19
Last modified : 03/03/2006 20:03:10
#:48 [prismxl.sys]
FilePath : C:\Program Files\Common Files\New Boundary\PrismXL\
ThreadCreationTime : 12/04/2009 06:51:19
BasePriority : Normal
FileSize : 168 KB
FileVersion : 6.0.1.22
ProductVersion : 6.0.1.22
CompanyName : New Boundary Technologies, Inc.
FileDescription : PrismXL Service
InternalName : PrismXL Service
OriginalFilename : PrismXL.sys
ProductName : PrismXL Software Family
Created on : 10/05/2005 09:06:33
Last accessed : 12/04/2009 06:51:19
Last modified : 10/05/2005 09:06:56
#:49 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:51:20
BasePriority : Normal
FileSize : 44 KB
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
Copyright : Copyright
FileDescription : User-Level Modem Service
InternalName : slserv
OriginalFilename : slserv.exe
ProductName : Modem
Created on : 10/05/2005 16:57:57
Last accessed : 12/04/2009 06:51:20
Last modified : 29/02/2004 21:20:20
#:50 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:51:23
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 25/04/2005 23:06:00
Last accessed : 12/04/2009 06:50:36
Last modified : 14/04/2008 00:12:36
#:51 [tablet.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:51:25
BasePriority : High
FileSize : 732 KB
FileVersion : 4.93-3
ProductVersion : 4.93-3
Copyright : Copyright
CompanyName : Wacom Technology, Corp.
FileDescription : WacomService
InternalName : WacomService
OriginalFilename : WacomService.exe
ProductName : Wacom Win32 Tablet Service
Created on : 16/02/2006 18:00:29
Last accessed : 12/04/2009 06:52:05
Last modified : 19/10/2005 15:31:52
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
-
Ad-aware log part 2 (sorry, it would not all fit in the 1st log report!)
#:52 [alg.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 12/04/2009 06:51:38
BasePriority : Normal
FileSize : 43 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-0852)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
OriginalFilename : ALG.exe
ProductName : Microsoft
Created on : 25/04/2005 23:05:23
Last accessed : 12/04/2009 06:51:38
Last modified : 14/04/2008 00:12:12
#:53 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ThreadCreationTime : 12/04/2009 06:51:40
BasePriority : Normal
FileSize : 213 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2108)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
OriginalFilename : Wmiprvse.exe
ProductName : Microsoft
Created on : 25/04/2005 23:23:19
Last accessed : 12/04/2009 06:51:40
Last modified : 14/04/2008 00:12:40
#:54 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:52:16
BasePriority : Normal
FileSize : 50 KB
FileVersion : 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)
ProductVersion : 7.2.6001.788
CompanyName : Microsoft Corporation
FileDescription : Windows Update Automatic Updates
InternalName : wuauclt.exe
OriginalFilename : wuauclt.exe
ProductName : Microsoft
Created on : 25/04/2005 23:25:14
Last accessed : 12/04/2009 06:51:52
Last modified : 16/10/2008 14:09:44
#:55 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 12/04/2009 06:52:45
BasePriority : Normal
FileSize : 5541 KB
FileVersion : 8.1.0178.00
ProductVersion : 8.1.0178
Copyright : Copyright (c) Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 19/01/2007 12:54:56
Last accessed : 12/04/2009 06:52:48
Last modified : 19/01/2007 12:54:56
#:56 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 12/04/2009 06:53:01
BasePriority : Normal
FileSize : 50 KB
FileVersion : 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)
ProductVersion : 7.2.6001.788
CompanyName : Microsoft Corporation
FileDescription : Windows Update Automatic Updates
InternalName : wuauclt.exe
OriginalFilename : wuauclt.exe
ProductName : Microsoft
Created on : 25/04/2005 23:25:14
Last accessed : 12/04/2009 06:51:52
Last modified : 16/10/2008 14:09:44
#:57 [usnsvc.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 12/04/2009 06:53:19
BasePriority : Normal
FileSize : 94 KB
FileVersion : 8.1.0178.00
ProductVersion : 8.1.0178
Copyright : Copyright (c) Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Messenger Sharing USN Journal Reader Service
InternalName : usnsvc.exe
OriginalFilename : usnsvc.exe
ProductName : Messenger
Created on : 19/01/2007 12:54:14
Last accessed : 12/04/2009 06:53:19
Last modified : 19/01/2007 12:54:14
#:58 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 12/04/2009 06:53:26
BasePriority : Normal
FileSize : 619 KB
FileVersion : 7.00.6000.16791 (vista_gdr.081217-1620)
ProductVersion : 7.00.6000.16791
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Windows
Created on : 25/04/2005 23:25:03
Last accessed : 12/04/2009 06:53:31
Last modified : 19/12/2008 05:25:25
#:59 [wlloginproxy.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Windows Live\
ThreadCreationTime : 12/04/2009 06:53:37
BasePriority : Normal
FileSize : 112 KB
FileVersion : 4.100.313.1
ProductVersion : 4.100.313.1
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : WLLoginProxy.exe
InternalName : WLLoginProxy
OriginalFilename : WLLoginProxy.exe
ProductName : Microsoft
Created on : 31/08/2006 20:33:02
Last accessed : 12/04/2009 06:53:37
Last modified : 31/08/2006 20:33:02
#:60 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 12/04/2009 06:58:34
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 04/09/2005 17:35:42
Last accessed : 12/04/2009 06:58:35
Last modified : 12/07/2003 21:00:20
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Windows Object recognized!
Type : RegData
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data :
Windows Object recognized!
Type : RegData
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : scrfile\shell\open\command
Value :
Data :
Registry scan result :
New objects : 2
Objects found so far: 2
Started deep registry scan
Deep registry scan result :
New objects : 0
Objects found so far: 2
Deep scanning and examining files (C:)
Malwarebytes report
Malwarebytes' Anti-Malware 1.35
Database version: 1916
Windows 5.1.2600 Service Pack 3
12/04/2009 10:44:38
mbam-log-2009-04-12 (10-44-38).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 208310
Time elapsed: 48 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I will reboot and try and do a HijackThis log! Many thanks for any help offered.
Margaret
-
Please update and re-run Malwarebytes - you are using an older version with old definitions - just click on the update tab.
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:09, on 12/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
c:\program files\a-squared free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Documents and Settings\\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Logitech\SetPoint\kem.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://studies.eye-square.info/2008-10-TNS_GYV/SwapMedia/proxy_en.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [PanelApp] C:\Documents and Settings\\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PCPitstop-Tracks-Checker - http://www.pcpitstop.com/privacy/PCPTracks.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/OpiStat_preinstaller_activex_en_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.co.uk/clients/ImageUploader3.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {A9FD89D6-C839-11D3-B0FE-0050044B8FE9} (OBInstallRunner Control) - http://www.opinionbar.com/download/resources/OBInstallCabinet.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.oasiz.net/chat/controls/msnchat45.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: bw+0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: offline-8876480 - {1EB44843-557A-4D9D-A503-F8112A68CB13} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Part 2 of HijackThis log
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PanelSvc - Unknown owner - C:\Program Files\Valued Opinions\PanelApp\PanelSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 27623 bytes

Uninstall LOGITECH DESKTOP MESSENGER and post another hijack log.

Thank you reluctant spender. I have updated Malwarebytes and am now doing a quick scan!
I will try to uninstall LOGITECH DESKTOP MESSENGER now and do another HijackThis log. Thank you AlienRIK!
Updated malwarebytes log report!
Malwarebytes' Anti-Malware 1.36
Database version: 1970
Windows 5.1.2600 Service Pack 3
12/04/2009 11:11:54
mbam-log-2009-04-12 (11-11-54).txt
Scan type: Quick Scan
Objects scanned: 84444
Time elapsed: 3 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:46, on 12/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
c:\program files\a-squared free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Documents and Settings\\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://studies.eye-square.info/2008-10-TNS_GYV/SwapMedia/proxy_en.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [PanelApp] C:\Documents and Settings\\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PCPitstop-Tracks-Checker - http://www.pcpitstop.com/privacy/PCPTracks.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/OpiStat_preinstaller_activex_en_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.co.uk/clients/ImageUploader3.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {A9FD89D6-C839-11D3-B0FE-0050044B8FE9} (OBInstallRunner Control) - http://www.opinionbar.com/download/resources/OBInstallCabinet.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.oasiz.net/chat/controls/msnchat45.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PanelSvc - Unknown owner - C:\Program Files\Valued Opinions\PanelApp\PanelSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 15616 bytes
Use the 32 bit AVG removal tool (Some still showing in the log)
http://www.avg.com/download-tools
FIX these using hijack (TICK them then FIX them) ~
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d...OPE_SILENT.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
Also this one if you don't use a proxy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://studies.eye-square.info/2008-...a/proxy_en.pac
Run COMBOFIX
(Follow the simple instructions it gives)
Post the COMPLETE log here
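The mechanical part of the advice above (entries ending in `(no file)` or `(file missing)`, startup shortcuts shown as `.lnk = ?`, and a set AutoConfigURL) can be picked out of a HijackThis log with a short script. This is an added example, not part of the original posts and not HijackThis's own logic; the sample lines are copied from the log in this thread, except the AutoConfigURL value, which is a constructed placeholder, and `triage` and the rule labels are hypothetical names.

```python
import re

# Sample input: lines from the log posted in this thread; the AutoConfigURL
# value is a constructed placeholder, not the one from the log.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.example/proxy.pac
"""

# A HijackThis entry line is "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([RFNO]\d+) - (.+)$")

# Hypothetical rule labels; each pattern is a marker the reply above relied on.
RULES = [
    ("no file associated with entry", re.compile(r"\(no file\)$")),
    ("referenced file missing", re.compile(r"\(file missing\)$")),
    ("startup shortcut target unresolved", re.compile(r"\.lnk = \?$")),
    ("proxy auto-config script set", re.compile(r",AutoConfigURL = \S+")),
]


def triage(log_text):
    """Return (section, reason, details) for each entry that needs a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # running-process paths, header and footer lines
        section, details = m.groups()
        for reason, pattern in RULES:
            if pattern.search(details):
                findings.append((section, reason, details))
                break
    return findings


if __name__ == "__main__":
    for section, reason, details in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason}: {details}")
```

Entries such as the PartyCasino button or the NMInstall control were picked by judgement rather than by a marker in the line, so a script like this does not catch them.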
This discussion has been closed.